Application Security Engineer

This role is internally titled "Senior Platform Security Engineer (DevSecOps)"

Are you a developer with a passion for secure coding practices and a curiosity for security engineering?

We're on the lookout for an ex-developer (or current developer ready to pivot) who can bring a strong software engineering foundation into the world of application security. If you're experienced in CI/CD, have touched SAST/DAST, and want to dive deeper into secure development practices, this role is a great fit. across Azure, AWS, and internal systems - embedding security from code to cloud.

About Tribal

Tribal is a leading EdTech business providing market-leading software solutions to the global education market. We research, develop, and deliver the products, services, and solutions needed by education institutions worldwide to support their core mission: educating students, delivering optimum learning experiences, and achieving successful outcomes.

We're currently strengthening our security function and are looking for a technical specialist to help shift-left across our development lifecycle - integrating security earlier and deeper into our pipelines, codebases, and release processes.

As a Senior Platform Security Engineer (DevSecOps), you will work closely with development, DevOps, and infrastructure teams to embed secure coding practices, integrate automated security tooling, and ensure code and environments meet compliance and security expectations.

This is not an infrastructure/cloud-focused role - we're looking for someone with a developer mindset who understands how software is built and wants to influence how it's secured.

You'll be involved in:

• Integrating SAST/DAST tools into CI/CD pipelines
• Performing secure code reviews and advising on coding best practices
• Championing security in agile product teams
• Collaborating on threat modelling and secure design discussions
• Supporting incident response and code-level triage when required
• Identifying and remediating code vulnerabilities early in the lifecycle
• Driving adoption of security automation across developer workflows

This is a full-time, fully remote role with occasional travel. Some out-of-hours work may be required under Tribal's On-Call and Out of Hours Working Policy, with appropriate compensation.

• A background in software development (e.g., C#, Java, Python, JavaScript)
• Working knowledge of CI/CD pipelines (Azure DevOps, GitLab CI, GitHub Actions, Jenkins)
• Hands-on exposure to tools such as SonarQube, Checkmarx, Veracode, OWASP ZAP, Snyk, or similar
• Understanding of SAST, DAST, and dependency scanning
• A strong interest in secure development and application security
• Experience collaborating with engineers in agile, fast-paced environments

It would be great if you also had:

• Familiarity with secure SDLC practices
• Experience in cloud-based environments (Azure or AWS)
• Certifications such as AZ-500, AWS Security, or CISSP (not essential)
• Exposure to IaC scanning tools like Checkov, TFSec, or Terraform-compliance

We offer a range of exceptional benefits to support your wellbeing and work-life balance, including a comprehensive Health Cash Plan, Private Medical Insurance and Employee Assistance Programme, along with a generous parental leave package and the ability to buy or sell holiday each year. We also offer the option of working overseas for up to 8 weeks per year. You'll also have access to E-Learning Opportunities to enhance your skills, Volunteer Days to give back to your community and access to Achievers, our reward and recognition platform, to ensure you can thrive both personally and professionally in a supportive and rewarding environment.

We're committed to creating an environment that enables employees to balance their responsibilitie s inside and outside of work and encourage and support a range of flexible working patterns for all colleagues. If you need flexibility, apply and discuss your needs with us.

If you are successful in your application, a security/criminal record check will be required before we can employ you, If, following the check the nature of a conviction is deemed unacceptable, this may lead to an offer of employment being withdrawn.